Updated: 22 June 2001
imap-2001 is a major release. Programs written for imap-2000 will probably build with this version without modification. The FAQ document has been significantly expanded. Be sure to read it for more information. In addition to the usual bugfixes, the following features are new in imap-2001: SSL is now fully integrated into the IMAP toolkit; the old "alt" kludges to be able to produce a "sanitized" version of the IMAP toolkit to comply with late unlamented US export regulations are now completely gone. Full client and server TLS support is also in this release. The server certificate must be signed by a trusted certificate authority and the name in the certificate match the user's entry for the server host name; this means that the user must enter a fully-qualified host name. To build with SSL/TLS on UNIX, you now use "SSLTYPE=unix" instead of the former "SPECIALAUTHENTICATORS=ssl". To build with SSL/TLS on UNIX and disable the use of plaintext passwords except when under SSL/TLS, use "SSLTYPE=nopwd" instead of "SSLTYPE=unix". RFC 1730 (IMAP4 as opposed to IMAP4rev1) support is turned off by default in imapd. No clients should still be using RFC 1730 protocol. Look at the imapd Makefile for how to re-enable RFC 1730 support. Note that this code may be removed in the future, so if you think you need it you had better let me know. There are some new options (turned off by default) which attempt to work around problems in certain clients. See the FAQ file for more details. Updated: 24 January 2001 imap-2000c is a maintenance release, consisting primarily of bugfixes. Updated: 9 January 2001 imap-2000b is a maintenance release, consisting primarily of bugfixes. Updated: 9 November 2000 imap-2000a is a maintenance release, consisting primarily of bugfixes. Updated: 19 September 2000 imap-2000 is a major release. There are major internal and external changes from earlier versions (imap-4.x and imap-3.x series). Programs written for imap-4.x will probably build with this version without modification. It is extremely unlikely that a program written for imap-3.x or earlier series will build with this version without modifications. Drivers written for earlier versions will definitely need to be rewritten. In addition to the usual bugfixes, the following features are new in imap-2000: SSL support is now available. For UNIX, it is necessary to install some version of OpenSSL; see imap-2000/docs/SSLBUILD for more information. SSL support is now automatic for the NT, NTK, and W2K ports. SSL use is indicated by the /ssl switch in the mailbox name. With SSL connections, the server certificate is validated by the client code on UNIX, and Windows 2000 unless /novalidate-cert is specified. Server certificates are currently is not validated on Windows 9x, Windows Millenium, or Windows NT 4; this is an artifact of the operating system and not the port (e.g. client code using the NT port will validate certificates if running on Windows 2000). On UNIX, the server certificate must be signed by a trusted certificate authority. On Windows 2000, the certificate must be signed by a trusted certificate authority and match the user's entry for the server host name; this means that the user must enter a fully-qualified host name. Calendar reclama for the benefit of old broken non-Y2K compliant software. Two digit years from 00 to 69 will be interpreted as 2000 through 2069. In addition, three digit years from 100 to 105 will be interpreted as 2000 through 2005. Support for REFERENCES threading (in addition to the previously-existing ORDEREDSUBJECT threading). Support for the IMAP MULTIAPPEND extension. This allows much faster uploading of multiple messages to an IMAP server. Support for the LOGINDISABLED IMAP capability. If the IMAP server sends LOGINDISABLED as a capability, the client code will never attempt to send an IMAP LOGIN command. Support for SASL authentication identity vs. authorization identity. If the authentication method does not support this concept (e.g. AUTH=CRAM-MD5, AUTH=LOGIN, LOGIN command), the "*" character in the user name may be used to indicate a separate authentication identity; for example, "fred*joe" indicates authorization identity "fred", authentication identity "joe". UNIX-specific Changes: Support for SASL authentication identity vs. authorization identity in the IMAP and POP3 servers. If the user indicated by the authentication identity is in the "mailadm" group, he may specify any authorization identity and get logged in as the authorization identity user. If the IMAP and POP3 servers are build with PASSWDTYPE=nul, it will send LOGINDISABLED as a capability and also disable the AUTH=LOGIN and AUTH=PLAIN SASL authenticators. New MAILSUBDIR build option to change the default mailbox directory from the user's home directory to a subdirectory of the user's home directory. See imap-2000/Makefile for more information. New CHROOT_SERVER build option for closed server systems only. If defined, a chroot() call to the user's home directory is done as part of the login process. See imap-2000/Makefile for more information. New ADVERTISE_THE_WORLD build option which will add an IMAP namespace that points to the root. Not for the faint of heart. UNIX format mailboxes no longer require the pseudo-message, nor will a pseudo-message be added to a mailbox that does not have one. A new X-IMAPbase: header will be written in the first message. This is rather less efficient and robust than the pseudo-message (which remains the encouraged mechanism; UNIX format mailboxes will always be created with it), but perhaps will pacify some people who get upset by the pseudo-message. When building with MIT Kerberos it will try to detect and use libk5crypto.a instead of libcrypto.a. The mbx driver is more aggressive about cleaning up expunged messages that couldn't be purged because of shared access to the mailbox at the time of expunge. Now, every checkpoint will try to purge such messages; and a checkpoint is attempted at close time. Windows-specific Changes: New W2K port for Windows 2000. In addition to supporting SSL using the official SSPI interface (the NT and NTK ports invoke SChannel.DLL directly), the W2K port also supports Microsoft Kerberos. Note that the NT and NTK ports will work on Windows 2000, but the W2K port will not work on NT4, Windows 9x, or Windows Millenium. There is now a #user namespace, equivalent to the "~" namespace on UNIX. Changes for Developers: New c-client.h file which acts as a master include. c-client based applications should now include c-client.h instead of the individual c-client files (mail.h, misc.h, etc.). It is believed that c-client.h will work in C++ applications. New GET_FREEENVELOPESPAREP/SET_FREEENVELOPESPAREP and GET_FREEELTSPAREP/SET_FREEELTSPAREP function callbacks to free the "sparep" member of the envelope and cache elements, respectively. New OP_MULNEWSRC flag to mail_open() to use multiple newsrc files, and new GET_NEWSRCQUERY/SET_NEWSRCQUERY function callbacks to get the name of the newsrc file for news access. New "secret" nntp_article() function to do the NNTP ARTICLE command; this is generally useful only when chasing news URLs. New GET_HIDEDOTFILES/SET_HIDEDOTFILES feature to suppress file names that start with "." in mail_list() results. |